fixup! Web security audit base pipeline

resources/com/cadoles/w3af/audit.w3af.tmpl

@@ -0,0 +1,72 @@
+# -----------------------------------------------------------------------------------------------------------
+#                                              W3AF AUDIT SCRIPT FOR WEB APPLICATION
+# -----------------------------------------------------------------------------------------------------------
+
+#Configure HTTP settings
+http-settings
+set timeout {{ default 10 .W3AF_TIMEOUT }}
+{{ if .W3AF_BASIC_AUTH_USERNAME }}
+set basic_auth_user {{ .W3AF_BASIC_AUTH_USERNAME }}
+set basic_auth_passwd {{ .W3AF_BASIC_AUTH_PASSWORD }}
+{{if .W3AF_BASIC_AUTH_DOMAIN }}
+set basic_auth_domain {{ .W3AF_BASIC_AUTH_DOMAIN }}
+{{end}}
+{{ end }}
+back
+
+#Configure scanner global behaviors
+misc-settings
+set max_discovery_time {{ default 10 .W3AF_MAX_DISCOVERY_TIME }}
+set fuzz_cookies True
+set fuzz_form_files True
+set fuzz_url_parts True
+set fuzz_url_filenames True
+back
+
+profiles
+use {{ default "audit_high_risk" .W3AF_PROFILE }}
+back
+
+plugins
+
+{{ if .W3AF_AUTH_FORM_URL }}
+#Configure target authentication
+auth detailed
+auth config detailed
+set username {{ .W3AF_AUTH_FORM_USERNAME }}
+set password {{ .W3AF_AUTH_FORM_PASSWORD }}
+set method POST
+set auth_url {{ .W3AF_AUTH_FORM_URL }}
+set username_field {{ default "username" .W3AF_AUTH_FORM_USERNAME_FIELD }}
+set password_field {{ default "password" .W3AF_AUTH_FORM_PASSWORD_FIELD }}
+set data_format {{ default "username=%U&password=%P" .W3AF_AUTH_FORM_DATA_FORMAT }}
+set check_url {{ .W3AF_AUTH_FORM_CHECK_URL }}
+set check_string '{{- default "connected" .W3AF_AUTH_FORM_CHECK_STRING -}}'
+back
+{{end}}
+
+
+#Configure reporting in order to generate an HTML report
+output console, html_file
+output config html_file
+set output_file reports/report{{- if .W3AF_REPORT_SUFFIX -}}_{{- .W3AF_REPORT_SUFFIX -}}{{- end -}}.html
+set verbose {{ default "False" .W3AF_VERBOSE }}
+back
+
+output config console
+set verbose {{ default "False" .W3AF_VERBOSE }}
+back
+back
+
+#Set target informations, do a cleanup and run the scan
+target 
+set target {{ .W3AF_TARGET_URL }}
+set target_os {{ default "unix" .W3AF_TARGET_OS }}
+set target_framework {{ default "unknown" .W3AF_TARGET_FRAMEWORK }}
+back
+
+back
+
+cleanup
+start
+exit